DNS queries limitation by host ?

Jim Reid jim at rfc1035.com
Mon Aug 23 12:41:09 UTC 2004


>>>>> "Ladislav" == Ladislav Vobr <lvobr at ies.etisalat.ae> writes:

    Ladislav> well, and I see your reply is a very general one, have
    Ladislav> you ever tried to do such a thing?

No, but I know people who *have* to do this and discussed approaches
to rate limiting with them.

    Ladislav> I was talking about dynamic rate limiting

Nobody else was. The OP was talking about query rate limiting hooks
for BIND. There was no mention of dynamic rate limiting. Until you
raised this non sequitur.

    Ladislav> Most of the fw/routers don't support dynamic rate
    Ladislav> limiting, and many developers know it and their
    Ladislav> applications implement it, since it is a must today for
    Ladislav> big public environments.

This is utterly irrelevant to the original discussion. DNS service is
not an application in the same sense as an HTTP or SMTP server is an
application. The same goes for the respective protocols. And as I
already said, BIND does not have hooks for limiting inbound
queries. For DNS queries, that job is best done by a router in front of
the name server.

    Ladislav> hmm, what is small for you, do you know that today
    Ladislav> almost everybody has at least isdn, dsl, cable? Do you
    Ladislav> know that to fill the recursive-client queue on bind is
    Ladislav> a piece of cake even for analog dial-up user? Do you
    Ladislav> know, that bind doesn't even bother to log this or give
    Ladislav> you a hint why and who is doing this?

<sarcasm mode>
No. What's dsl? Do you mean to say a name server needs to be
configured and tuned for the environment where it gets deployed?
Fancy that!
</sarcasm mode>


More information about the bind-users mailing list